AVG-1551 log
| Package | roundcubemail |
| Status | Fixed |
| Severity | High |
| Type | cross-site scripting |
| Affected | 1.4.10-2 |
| Fixed | 1.4.11-1 |
| Current | 1.6.11-1 [extra] |
| Ticket | None |
| Created | Tue Feb 9 16:41:36 2021 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2021-26925 | High | Yes | Cross-site scripting | Roundcube before 1.4.11 allows cross-site scripting (XSS) via crafted Cascading Style Sheets (CSS) token sequences during HTML email rendering. |
| Date | Advisory | Package | Type |
|---|---|---|---|
| 12 Feb 2021 | ASA-202102-27 | roundcubemail | cross-site scripting |